Lucene search
K

20 matches found

VulnCheck KEV
VulnCheck KEV
added 2022/03/25 12:0 a.m.3 views

VulnCheck KEV: CVE-2014-3120

Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code...

8.1CVSS7.5AI score0.88559EPSS
Exploits17References1
myhack58
myhack58
added 2018/12/14 12:0 a.m.299 views

Crypto currency mining machine using Elasticsearch vulnerability propagation-vulnerability warning-the black bar safety net

ElasticSearch is based on Lucene search server. It provides a distributed multi-user capability of the full-text search engine, based on the RESTful web interface. Elasticsearch is developed in Java, and as the Apache license under the terms of the open source release, is the current popular...

7.5CVSS0.1AI score0.99906EPSS
Exploits29
Tenable Nessus
Tenable Nessus
added 2015/06/26 12:0 a.m.73 views

FreeBSD : elasticsearch and logstash -- remote OS command execution via dynamic scripting (43ac9d42-1b9a-11e5-b43d-002590263bf5)

Elastic reports : Vulnerability Summary: In Elasticsearch versions 1.1.x and prior, dynamic scripting is enabled by default. This could allow an attacker to execute OS commands. Remediation Summary: Disable dynamic scripting. Logstash 1.4.2 was bundled with Elasticsearch 1.1.1, which is vulnerabl...

8.1CVSS7.6AI score0.88559EPSS
Exploits17References8
myhack58
myhack58
added 2015/03/07 12:0 a.m.36 views

ElasticSearchGroovy script remote code execution vulnerability emergency overview-vulnerability warning-the black bar safety net

! Know Chong Yu security research group 2 0 1 5 . 0 3 . 0 5 First, the vulnerability described in ElasticSearch is a JAVA development search analysis engine. 2 0 1 4 years, had been exposed by a remote code execution vulnerability, CVE-2 0 1 4-3 1 2 0, the vulnerability appears in the script quer...

0.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/09/12 12:0 a.m.37 views

RHEL 6 : katello-configure (RHSA-2014:1186)

An updated katello-configure package that fixes one security issue is now available for Red Hat Subscription Asset Manager. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

8.1CVSS7.8AI score0.88559EPSS
Exploits17References3
RedHat Linux
RedHat Linux
added 2014/09/11 9:18 p.m.52 views

Important: Red Hat Security Advisory: katello-configure security update

An updated katello-configure package that fixes one security issue is now available for Red Hat Subscription Asset Manager. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

8.1CVSS7.4AI score0.88559EPSS
Exploits17References2
RedHat Linux
RedHat Linux
added 2014/09/10 5:43 a.m.45 views

Important: Red Hat Security Advisory: Fuse ESB Enterprise/Fuse MQ Enterprise 7.1.0 update

This advisory contains instructions on how to resolve one security issue in the Elasticsearch component in Fuse ESB Enterprise and Fuse MQ Enterprise 7.1.0. Red Hat Product Security has rated this security issue as having Important security impact. A Common Vulnerability Scoring System CVSS base...

8.1CVSS7.6AI score0.88559EPSS
Exploits17References5
RedHat Linux
RedHat Linux
added 2014/09/10 5:33 a.m.70 views

Important: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.1.0 security update

This advisory contains instructions on how to resolve one security issue in the Elasticsearch component in Red Hat JBoss Fuse and A-MQ 6.1.0. Red Hat Product Security has rated this security issue as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which...

8.1CVSS7.6AI score0.88559EPSS
Exploits17References5
Packet Storm
Packet Storm
added 2014/07/30 12:0 a.m.128 views

Elastic Search 1.1.1 Arbitrary File Read

!/bin/bash Exploit Elastic Search 1.1.1 CVE-2014-3120 Larry W. Cashdollar @larry0 http://www.vapid.dhs.org/exploits/elasticexploit.sh.txt http://bouk.co/blog/elasticsearch-rce/ Vulnerability author Bouke van der Bijl echo "+ Adding initial entry to $1:9200" curl -XPOST "http://$1:9200/data/test/1...

6.8CVSS0.2AI score0.88559EPSS
Exploits17
Vulnrichment
Vulnrichment
added 2014/07/28 7:0 p.m.13 views

CVE-2014-3120

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to search. NOTE: this only violates the vendor's intended security policy if the user does not run...

8.3AI score0.88559EPSS
Exploits17References8
CVE
CVE
added 2014/07/28 7:0 p.m.1150 views

CVE-2014-3120

CVE-2014-3120 : Elasticsearch’s default configuration prior to certain builds enables dynamic scripting, allowing remote attackers to execute arbitrary MVEL expressions and Java code via the _search source parameter. Public references indicate this enables remote code execution and constitutes a ...

8.1CVSS7.5AI score0.88559EPSS
In wildExploits17References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2014/07/28 12:0 a.m.34 views

CVE-2014-3120

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to search. NOTE: this only violates the vendor’s intended security policy if the user does not run...

8.1CVSS7.3AI score0.88559EPSS
In wildExploits17References13
GithubExploit
GithubExploit
added 2014/07/07 8:28 p.m.5 views

Exploit for Improper Access Control in Elasticsearch

ElasticSearch search Remote Code Execution CVE-2014-3120 =====...

8.1CVSS7.5AI score0.88559EPSS
Exploits17
0day.today
0day.today
added 2014/06/01 12:0 a.m.108 views

ElasticSearch Dynamic Script Arbitrary Java Execution

Exploit for java platform in category remote exploits This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ElasticSearch Dynamic Script Arbitrary Java Execution', 'Description' = %q This...

6.8CVSS0.1AI score0.88559EPSS
Exploits17
Metasploit
Metasploit
added 2014/05/27 11:1 p.m.71 views

ElasticSearch Dynamic Script Arbitrary Java Execution

This module exploits a remote command execution RCE vulnerability in ElasticSearch, exploitable by default on ElasticSearch prior to 1.2.0. The bug is found in the REST API, which does not require authentication, where the search function allows dynamic scripts execution. It can be used for remot...

8.1CVSS7.9AI score0.88559EPSS
Exploits17
Check Point Advisories
Check Point Advisories
added 2014/05/25 12:0 a.m.11 views

ElasticSearch search Remote Code Execution (CVE-2014-3120)

A remote command execution vulnerability has been found in ElasticSearch. The vulnerability is due to the search function in the REST API which does not require authentication and allows dynamic scripts execution. A remote attacker can exploit this weakness to execute arbitrary code via a special...

6.8CVSS4.7AI score0.88559EPSS
Exploits17
FreeBSD
FreeBSD
added 2014/05/22 12:0 a.m.42 views

elasticsearch and logstash -- remote OS command execution via dynamic scripting

Elastic reports: Vulnerability Summary: In Elasticsearch versions 1.1.x and prior, dynamic scripting is enabled by default. This could allow an attacker to execute OS commands. Remediation Summary: Disable dynamic scripting. Logstash 1.4.2 was bundled with Elasticsearch 1.1.1, which is vulnerable...

8.1CVSS7.4AI score0.88559EPSS
Exploits17References7
0day.today
0day.today
added 2014/05/15 12:0 a.m.277 views

ElasticSearch Remote Code Execution Exploit

Exploit for multiple platform in category web applications body padding-top: 50px; .starter-template padding: 40px 15px; text-align: center; function esinject var readfile; var writefile; readfile = functionfilename return "import java.util.;\nimport java.io.;\nnew Scannernew File"" + filename +...

6.8CVSS6.4AI score0.88559EPSS
Exploits17
Circl
Circl
added 2014/05/15 12:0 a.m.8 views

CVE-2014-3120

creationtimestamp| type| source ---|---|--- 2014-05-15 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/33370 2014-05-30 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/33588 2014-10-20 06:04:12+00:00| seen| MISP/5444a4b6-a7b8-41f0-8f49-45c7950d210b 2018-05-29...

8.1CVSS7.2AI score0.88559EPSS
In wildExploits17References12
Exploit DB
Exploit DB
added 2014/05/15 12:0 a.m.389 views

ElasticSearch - Remote Code Execution

body padding-top: 50px; .starter-template padding: 40px 15px; text-align: center; function esinject var readfile; var writefile; readfile = functionfilename return "import java.util.;\nimport java.io.;\nnew Scannernew File"" + filename + "".useDelimiter"\\Z".next;"; ; writefile =...

8.1CVSS6.4AI score0.88559EPSS
Exploits17
Rows per page
Query Builder